Before setting any policies, ensure you have met the following prerequisites. Refer to your UEM documentation for instructions on how to complete these steps.
This example demonstrates how to use a device-wide policy (DO) that requires a fingerprint as the minimum password strength. This configuration is applied to the entire device. You can repeat this sequence of steps for any policy that falls under the Device-wide policies (Device Owner) category.
This example demonstrates how to use a profile wide policy that disables the Android "Allow Share Via" option. Note that the particular policies used below require a KPE Premium license key. You can repeat this sequence of steps for any policy that falls under the Work profile policies (Profile Owner) category.
Some policies allow you to select more than one option as a parameter. With these policies, you can individually select which parameters to enable or disable. In some cases, you may need to de-select policy parameters that you do not want to apply. For example, we set the USB exception list to allow only Audio and Human Interface Device. The following image shows a policy with multiple options applied.
To revoke multiple polices, simply de-select the polices you wish to change and push the updated configuration profile to your devices.
Some policies are actually a subset of a larger group policy. With these policies, you must enable the group policy before you can modify any individual parameters. For example, we must first turn on Tethering controls before we can access the settings below – Allow WiFi tethering and Allow Bluetooth tethering. This is shown in the image below.
To target a specific app, you need to use the app package name in conjunction with a KSP policy.
com.samsung.email.provider, com.samsung.android.app.notes, com.sec.android.app.voicenote.
One way to find an apps package is to search for it on Google Play in a browser. You see the app package appended to the URL in the browser, as seen in the following image.
Revoking a policy is simple. All you need to do is find the policy you previously enabled and toggle it back off. For example, let's turn Wi-Fi back on from our previous example above.
You can also revoke an entire group of polices if you turn off the respective group control flag. For example, if you turn off Enable device restriction controls, than all device restrictions are revoked.
In addition, if a policy that is related to a configuration is disabled, all the configuration is revoked. For example, if Customize DeX Experience is turned off , then all settings applied from the DeX customization profile are revoked.
To test your polices, you use a feature called Debug mode.